Establishing a Contingency Plan



HIPAA Security Rule § (a)(7) Contingency Plan

The Contingency Plan standard requires covered entities to: “Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain ePHI.”

Agenda
• Data Backup Plan
• Disaster Recovery Plan
• Emergency Mode Operation Plan
• Testing and Revision Procedures
• Applications and Data Criticality Analysis

Data Backup Plan (Required)

“Establish and implement procedures to create and maintain retrievable exact copies of ePHI”

• What ePHI must be backed up?
• Have we included all data sources?
• Have we considered various backup methods?
• Is our backup data stored in a safe, secure place?

Sonya Christian, CIO; West Georgia Health

Disaster Recovery Plan (Required)

“Establish (and implement as needed) procedures to restore any loss of data.”

• You may already have a DR plan. Does it address ePHI?
• What specific threats do you face?
• Does it address what data is to be restored?
• Is the plan readily available during an emergency?

Emergency Mode Operation Plan (Required)

Establish procedures to enable continuation of critical business processes to protect the security of ePHI while operating in emergency mode.

Emergency Mode Operation Plan

Continuity of Operations Planning
• Will determine the ability of your organization to continue its business operations
• Improve the likelihood that your facility will survive and recover from events that impact business operations


Moving Towards Cloud Computing
• Continuous Up-Time?
• What is Downtime Costing Your Hospital?
• Is Cloud Computing an Option?
• What other risks does cloud computing invite?

Testing and Revision Procedures (Addressable)

“Implement procedures for periodic testing and revision of contingency plans.”

• Have we documented our processes?
• Does everyone understand their role?
• Have we actually practiced and tested our procedures?
• What did we learn?
• How should we change our plan?

Applications & Data Criticality Analysis

• Review critical computer and electronic systems
• Identify applications critical to patient care

Questions and Discussion

Don Kinser, PE, CPHIMS, President and CEO, EDI, ltd
Mark Renfro, Healthcare Consultant